Wireless drive-by

How easy is it to sniff out wireless networks with the intent to break in?

Very easy, if you have the right antennae hooked to your laptop and you have freeware network-sniffer software such as NetStumbler. That is what the security director of Guardent Inc., a Waltham, Mass.-based managed security service provider, used last week during a "war drive" through the business district and Capitol Hill area of Washington, D.C.

Riding in a Humvee with the company's name printed on each side, Todd Waskelis demonstrated how a person using radio frequency scanning could detect wireless access points. During a half-hour drive that covered about eight miles, he picked up 236 wireless access points including government, business and personal wireless local-area networks (WLANs).

More than half of those access points — 135 — didn't have Web-enabled encryption to protect data sent over the WLANs. The NetStumbler software listed the network's message authentication code address and whether data is encrypted, the name of the network if the company or agency chose to broadcast it, the radio channel it is located on, and the type of access point device being used.

The nonencrypted WLANs represent low-hanging fruit for hackers or intruders, Waskelis said. He added that the nonencrypted networks could have other security features to block access, but intruders can use "access points to get to the Internet." And by using someone else's IP address, a person can hide his or her identity.

"War walking" or "war driving," the process of moving around a city looking for access points in order to penetrate WLANs, is becoming more prevalent, according to industry experts. Another common occurrence is "war chalking," when intruders mark the spot where wireless access points can be picked up, said Mike Disabato, a senior analyst with the Burton Group, an information technology consulting firm.

"Most [intruders] are looking for free Internet access, which is an illegal use of your services," Disabato said. But others may want to steal data, he added.

***

Wireless war drive stats

A "war drive" through downtown Washington, D.C., detected the following:

* 236 wireless access points.

* 135 unencrypted wireless LANs.

* 8 peer-to-peer connections.

* 11 unnamed networks.

Featured

  • Management
    people standing on keyboard (Who is Danny/Shutterstock.com)

    OPM-GSA merger plan detailed in legislative proposal

    The White House is proposing legislation for a dramatic overhaul of human resources inside government and wants $50 million to execute the plan.

  • Cloud
    cloud applications (chanpipat/Shutterstock.com)

    GSA plans civilian DEOS counterpart

    GSA is developing a cloud email and enterprise services contract inspired by the single-source vehicle the Department of Defense devised for back-office software.

  • Defense
    software (whiteMocca/Shutterstock.com)

    DOD looks to unify software spending for 2020

    Defense Department acquisition head, Ellen Lord, hopes to simplify software buying and improve business systems following the release of the Defense Innovation Board's final software acquisition study.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.